"Robin Banks Might Be Robbing Your Bank"

IronNet researchers recently discovered an active cybercrime syndicate launching a new phishing-as-a-service (PhaaS) platform, selling phishing kits to cybercriminals specializing in social engineering scams. This threat actor, known as Robin Banks, sells ready-made phishing kits aimed primarily at financial institutions in the US, as well as numerous companies in Canada, Australia, and the UK. Bank of America, Capital One, Citibank, Wells Fargo, and other financial institutions are advertised on the website. They also provide templates for phishing Google, Microsoft, T-Mobile, and international companies such as Lloyds Bank of England, Netflix in Canada, and Commonwealth Bank of Australia. Based on network traffic analysis and open-source research by IronNet researchers, Robin Banks has been active since at least August 2020. The scammer's newest platform has been operating since March or April 2022. To gain access to the Robin Banks website, interested buyers must first create an account login with an email and password, and then pay with Bitcoin. Customers are greeted by a well-organized dashboard, which includes a sidebar with features for creating a new page, monitoring current pages, adding funds to the wallet, and more. Customers can also find various options for creating a custom phishing kit. According to the researchers, the Robin Banks website has a more advanced yet user-friendly webGUI than 16Shop and BulletProftLink, two well-known phishing kits that are also significantly more expensive than Robin Banks. Robin Banks has gained many new customers in recent months and is one of the few PhaaS platforms that consistently updates templates. Threat actors can choose from a plethora of brands to impersonate and target customers by customizing a kit through Robin Banks. Customers can customize their experience by choosing whether to block users based on user agent strings or to use reCAPTCHA when bot activity is detected. This article continues to discuss findings surrounding the Robin Banks PhaaS platform.

Security Boulevard reports "Robin Banks Might Be Robbing Your Bank"